
GDPR and Cyber Essentials – A Match Made in Heaven?

21st March 2019

For me, GDPR and Cyber Essentials Plus go hand in hand. You can’t do one without the other (on a security front); both help secure your network and data. In our latest blog, we look at how Vulnerability Management and Incident Detection and Response fit into the equation.

Two of the key elements of Cyber Essentials Plus are Vulnerability Management and Incident Detection and Response (SIEM). When you scratch the surface of these technologies it’s clear to see how they help.

Vulnerability Management

Vulnerability Management – if you don’t have something in place, you’re vulnerable (the giveaway is in the name). Hackers constantly look for outdated software to exploit, and WannaCry is a great example of this.

Any Vulnerability Management vendor worth their salt would have picked this up. In fact, ITB partner Rapid7 knew of this vulnerability 2 months before any hackers became aware. Furthermore, they proactively warned their customers to patch this vulnerability.

I often get told ‘we don’t need Vulnerability Management because I have a patching tool in place’. However, unless you know what is most vulnerable and which vulnerabilities are being exploited in the wild, how do you know what is a priority and what to patch first? The simple answer is you don’t. You’re pretty much playing roulette and hoping for the best. Vulnerability Management is a Cyber Essentials requirement for a reason.
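The prioritisation argument above can be shown concretely. The Python below is an added example written for this page; it is not ITB or Rapid7 code and does not reproduce how any product scores findings. It uses a constructed set of scan findings with placeholder vulnerability identifiers and a simple weighting (also constructed, not a published scheme) to show how a CVSS-only patch list and a context-aware list disagree about what to fix first, and why a finding with no vendor patch still needs an action.

```python
"""Risk-based patch prioritisation (added example, constructed data).

A patching tool on its own orders work by whatever the scanner emitted or
by raw CVSS. Adding 'is this exploited in the wild?' and 'is this host
internet-facing?' changes the order, which is the point of the paragraph.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str            # placeholder IDs, not real CVE numbers
    cvss: float             # base severity, 0.0 - 10.0
    exploited_in_wild: bool  # known active exploitation
    internet_facing: bool    # reachable from outside the network
    patch_available: bool    # vendor fix exists


# Constructed sample findings for the example.
SAMPLE_FINDINGS = [
    Finding("srv-web-01", "VULN-EXAMPLE-A", 8.1, True, True, True),
    Finding("srv-db-02", "VULN-EXAMPLE-B", 9.8, False, False, True),
    Finding("ws-042", "VULN-EXAMPLE-C", 7.5, True, False, True),
    Finding("srv-legacy-03", "VULN-EXAMPLE-D", 8.8, True, True, False),
]


def risk_score(f: Finding) -> float:
    """Weight CVSS by real-world context (weights are an assumption for
    this example): active exploitation doubles the score, internet
    exposure adds another 50%."""
    score = f.cvss
    if f.exploited_in_wild:
        score *= 2.0
    if f.internet_facing:
        score *= 1.5
    return round(score, 1)


def naive_order(findings):
    """What a CVSS-only patching queue would do: highest base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def patch_plan(findings):
    """Rank by contextual risk and attach an action. Findings without a
    vendor patch are kept in the plan as 'mitigate' (isolate the host,
    apply a compensating control) rather than silently dropped."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [
        {
            "host": f.host,
            "vuln_id": f.vuln_id,
            "score": risk_score(f),
            "action": "patch" if f.patch_available else "mitigate",
        }
        for f in ranked
    ]


if __name__ == "__main__":
    print("CVSS-only order :", naive_order(SAMPLE_FINDINGS))
    for item in patch_plan(SAMPLE_FINDINGS):
        print(f"{item['score']:5}  {item['action']:8}  {item['host']:14} {item['vuln_id']}")
```

Run as a script and the CVSS-only queue starts with the 9.8 on an internal database server, while the context-aware plan starts with the two actively exploited bugs on internet-facing hosts, one of which cannot be patched and must be mitigated instead.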

Incident Detection & Response

Moving on to Incident Detection & Response (SIEM). If you uncover or are made aware of a breach, one of the first things you must do is report it to the relevant authority, namely the ICO, within a set time period: 72 hours.

At the beginning of their investigation they will ask some key questions:

  1. How did this happen?
  2. Has it affected any other parts of your network?
  3. What have you done to remediate this and prevent it from happening again?

Being blunt, without a specific tool in place that reports on security events and provides context for them, you can’t answer these questions, especially within the time period afforded by the ICO.

The ICO probably won’t take kindly to this. After all, GDPR is in place to ensure you protect your data (PII) and have the best security practices in place to assist with this.


Managed Service

I always recommend that my customers look at Managed Incident Detection & Response, so that they have a 24/7 x 365 service.

Let’s be honest, we very rarely hear of a burglar breaking into a house and stealing its prized possessions in the middle of the day when everybody is home. The authorities will, of course, ultimately catch them, meaning they will spend the next 2 years at Her Majesty’s pleasure. I’m sure there will be the odd case; after all, not all criminals are particularly clever! But your network is the same as your house, your car and any other possession of any worth: hackers will look to exploit you when the lights are off and your guard is down!

So you must ask yourself, as a business: can we really afford not to have this technology in place? How much will a breach cost our business in downtime, money and brand reputation? And the one I would personally worry about: if we’re breached and I have failed the guidelines of Cyber Essentials and GDPR, is my job on the line?

If there is any interest in a discussion around these areas and how ITB and Rapid7 can assist you in becoming more secure and compliant with the basics, please feel free to get in touch.

Ben Pickett, Sales Manager – ITB Ltd